Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Ubuntu :: b1a-1580.htm

Thunderbird vulnerabilities



Thunderbird vulnerabilities
Thunderbird vulnerabilities




--=-eTbbvTBu5DTwobNE9GEa
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

==========================================================Ubuntu Security Notice USN-958-1              July 26, 2010
thunderbird vulnerabilities
CVE-2010-0654, CVE-2010-1205, CVE-2010-1211, CVE-2010-1212,
CVE-2010-1213, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  thunderbird                     3.0.6+build2+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

Details follow:

Several flaws were discovered in the browser engine of Thunderbird. If a
user were tricked into viewing malicious content, a remote attacker could
use this to crash Thunderbird or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1211, CVE-2010-1212)

An integer overflow was discovered in how Thunderbird processed CSS values.
An attacker could exploit this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2752)

An integer overflow was discovered in how Thunderbird interpreted the XUL
element. If a user were tricked into viewing malicious content, a remote
attacker could use this to crash Thunderbird or possibly run arbitrary code
as the user invoking the program. (CVE-2010-2753)

Aki Helin discovered that libpng did not properly handle certain malformed
PNG images. If a user were tricked into opening a crafted PNG file, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-1205)

Yosuke Hasegawa discovered that the same-origin check in Thunderbird could
be bypassed by utilizing the importScripts Web Worker method. If a user
were tricked into viewing malicious content, an attacker could exploit this
to read data from other domains. (CVE-2010-1213)

Chris Evans discovered that Thunderbird did not properly process improper
CSS selectors. If a user were tricked into viewing malicious content, an
attacker could exploit this to read data from other domains.
(CVE-2010-0654)

Soroush Dalili discovered that Thunderbird did not properly handle script
error output. An attacker could use this to access URL parameters from
other domains. (CVE-2010-2754)


Updated packages for Ubuntu 10.04:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1.diff.gz 
      Size/MD5:    92850 bc785c0348418206d4c8588ebaac0132
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1.dsc 
      Size/MD5:     2412 a28a4d277235e3b6331a53471c467213
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly.orig.tar.gz 
      Size/MD5: 61048660 055766c535ba92126b033128d6540dd4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb 
      Size/MD5: 64137096 67d94866d04e19b71ad34521e78377cd
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb 
      Size/MD5:  5245646 e2eb4667407a5db752c62ad5a9f9df91
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb 
      Size/MD5:   148998 4eb30277c88a46b9f65bf80d9ca984bd
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb 
      Size/MD5:     9296 4ed1c5b7788eb65fbccb960617217f44
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb 
      Size/MD5: 11386116 cabfab2567a14b23bc0a46351ff4dbb7

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb 
      Size/MD5: 64479186 0e6a1a89d7591d3d143cf12c12680ac6
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb 
      Size/MD5:  5311316 870ff89004da182aac32cac5d38027e4
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb 
      Size/MD5:   148154 6541fcf1d83a42fb02926a81f0a50858
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb 
      Size/MD5:     9292 000175067546013dc9ed8b2dcc12072e
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb 
      Size/MD5: 10413876 9881b8ec4cd24233f1d7904997f04188

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb 
      Size/MD5: 67105712 cfac784d5b5369f85ee450bb6b8aa06d
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb 
      Size/MD5:  5238112 1666f03c78dffbbfdfe27697b6c1a983
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb 
      Size/MD5:   153330 2b28241ad770ced2dc0deb4d04e91f62
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb 
      Size/MD5:     9296 9caeeb0a6fd9694c0a2c26cfd7c007d9
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb 
      Size/MD5: 11266520 cc5caab3d5bb3dedbfd08f0cdbbe1cc3

  sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb 
      Size/MD5: 63651728 ecce696ddbd92be7a0e3d285317b3ab2
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb 
      Size/MD5:  5219274 f791be2a355ccb057e3526d56b3952d7
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb 
      Size/MD5:   144264 7ad54644130634dd28eec04fe01a2322
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb 
      Size/MD5:     9298 e69ad6c66d4a5907d7fb61aa1a12a0f3
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb 
      Size/MD5: 10521756 8247952d2eff647da997dd86595e869f




--=-eTbbvTBu5DTwobNE9GEa
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEABECAAYFAkxNvhAACgkQLMAs/0C4zNq+2gCeL7jDBw50Iwpx/zlWdBZuDR1e
Vu0AnRCqPhQ/dSCGO/aVJGMTGVCcJeTZ
=rZX+
-----END PGP SIGNATURE-----

--=-eTbbvTBu5DTwobNE9GEa--



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH